On 18-Jul-12 08:48, Saku Ytti wrote:
On (2012-07-18 08:37 -0500), Stephen Sprunk wrote:
There is no need for [RFC2777 verifiability], since your failure to use a good source of randomness hurts nobody except yourself.
I think you're making fact out of opinion. Maybe SP is generating ULAs for their customers.
Why would they do that? SPs should only be assigning (and routing) GUAs. ULAs are for /local/ use within the customer site, so customers can and should generate their own locally. An SP should never see those addresses and can safely ignore their existence, aside from a generic filter on the entire ULA range.
Maybe this is not practical enough concern, but I'm wondering, what is the downside? What is the benefit of recommending method which is not testable/provable.
Those were not considered requirements for the algorithm in RFC 4193 since there is no scenario /where RFC 4193 addresses are a valid solution in the first place/ for which testability or provability of the algorithm's results are important or even useful. S -- Stephen Sprunk "God does not play dice." --Albert Einstein CCIE #3723 "God is an inveterate gambler, and He throws the K5SSS dice at every possible opportunity." --Stephen Hawking